View Full Version : Binary rewriting
ninja
01-22-2009, 01:27 AM
I am working on binary code obfuscation techniques as part of my project. I have developed some techniques which I wish to test out on malware code. The basic idea is to obfuscate malware so as to prevent detection by anti-virus programs and static analyzers. I am, however, a newbie to reversing and would like some help/references in doing this job. The task is to take a virus binary and apply certain code transformations and make it run again.
Can anyone suggest a suitable direction for me to start off from?
Thanks
Here's hoping you fail miserably. You don't seriously think anyone here is going to help you, do you?
Git
ninja
01-22-2009, 07:33 AM
I am not asking anyone to help me. I just wanted to use the experience of members here to give me a few pointers. I need to establish a proof of concept for some obfuscation techniques. I wanted to know if I should go about writing a complete binary rewriting engine or if something like that already exists (I have seen the Mistfall engine and it is not very helpful to me) or perhaps use a compiler to insert my code in the binary. I have never done any major work in reversing or in Windows binaries before.
I might be wrong but I thought that the purpose of this forum is to pass on knowledge to people who don't have it.
cEnginEEr
01-23-2009, 11:56 PM
ninja:
You have posted on the wrong forum; this board is mostly dedicated to reversing & cracking (and recently selling some crack); the info you are searching for is related to the VX scene rather than crack;
Here are the steps you need to go through for altering\morphing a code:
1. Disassemble it; here you don't have engines like wdasm or IDA, so considering that you must handle it with a few KB of code, this is gonna be very hard;
2. Make a full table of references (jumps\calls etc.)
3. Morph the disassembled code (there are a lot of ways to do that)
4. Assemble the morphed code to binary format
5. Fix jumps\calls\branches etc.
This is already done by VX gurus, do some googling and you will find it;
PS: are you going to code like malware or something? Coding VX is a very nice experience, but I advise you not to go for it, I've been and there is no happy ending for that :D
ninja
01-25-2009, 06:36 AM
cEngineer, thanks for the reply
No, I am not trying to write any malware code. I am trying to obfuscate existing malware code to prevent detection by anti-virus software. I have thought of a few techniques and want to test them by applying them to the code of existing viruses. Hence, I was looking for some binary rewriting techniques. If a rewriting engine already exists, it would be easier for me to use it to test my techniques rather than code one from scratch.